MS Removal Tool
MS Removal Tool is a rogue antivirus from the same family as System Tool. It pretends to be an anti-virus program, but is actually a program that displays fake security alerts and scan results in order to make the user think their computer is infected. MS Removal Tool is installed through the use of malware that will install the program onto their computer without the user's knowledge or permission. Behavior When installed, the infection files will be created in a random named folder in C:\Documents and Settings\All Users\Application Data\, in XP, or C:\Documents and Settings\All Users\Application Data\, in Windows Vista and Windows 7. It will then be configured to start automatically when the user login to their computer. Once running it will scan the user's computer and state that there are numerous infections present, but will not allow the user to remove them until they purchase the program. Payload MS Removal Tool will also terminate any executables that the user attempts to run in order to protect itself from being removed. When the user attempts to run any program, it will terminate that program's process and then display a message similar to the following: Warning! Application cannot be executed. The file cmd.exe is infected. Please activate your antivirus software. While MS Removal Tool is running it will also display fake security alerts and warnings from the user's Windows taskbar. These alerts are designed to scare the user into thinking that their computer is severely infected and that the user should purchase the program to protect themself. The text of these messages include: MS Removal Tool Warning Your PC is infected with dangerous viruses. Activate antivirus protection to prevent data loss and avoid the theft of your credit card details. Click here to activate protection. MS Removal Tool Warning Intercepting programs that may compromise your privacy and harm your system have been detected on your PC. Click here to remove them immediately with MS Removal Tool. Security Monitor: WARNING! Attention: System detected a potential hazard (TrojanSPM/LX) on your computer that may infect executable files. Your private information and PC safety is at risk. To get rid of unwanted spyware and keep your computer safe you need to update your current security software. CLick Yes to download official intrusion detection system (IDS software). Warning: Your computer is infected Windows has detected spyware infection! Click this message to install the last update of Windows security software... This infection will also change the background of the user's Windows desktop to display the following over-the-top, and almost insensible, warning: Warning! Your're in Danger! Your Computer is infected with Spyware! All you do with your computer is stored forever in your hard disk. When you visit sites, send emails... All your actions are logged. And it is impossible to remove them with standard tools. Your data is still available for forensics, and in some cases For your boss, your friends, your wife, your children. Every site you or somebody or even something, like spyware, opened in your browsers, with all the images, and all the downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could break your life! Secure yourself right now! Removal all spyware from your PC! Category:Rogue software Category:Microsoft Windows Category:Win32